Christian Boltz
34919fc720
- add apparmor-krb5-conf-d.diff for kerberos client Since https://build.opensuse.org/package/rdiff/network/krb5?linkrev=base&rev=204, it is possible to use configuration snippets for krb5.conf. However, any service under apparmor will not be able to read it. As /etc/krb5.conf.d is default for SUSE but not for upstream apparmor, the patch might not be accepted upstream. LEAP15(.1) should also get this fix. OBS-URL: https://build.opensuse.org/request/show/733763 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=249
29 lines
947 B
Diff
29 lines
947 B
Diff
From 1e37af227ec977efe1a6b6454f5a801c4c04e886 Mon Sep 17 00:00:00 2001
|
|
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
|
Date: Fri, 27 Sep 2019 18:34:20 -0300
|
|
Subject: [PATCH] abstractions/kerberosclient: allow /etc/krb5.conf.d
|
|
|
|
Permit the use of /etc/krb5.conf.d configuration snippets
|
|
|
|
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
|
---
|
|
profiles/apparmor.d/abstractions/kerberosclient | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/profiles/apparmor.d/abstractions/kerberosclient b/profiles/apparmor.d/abstractions/kerberosclient
|
|
index 8b08c146..7cb1f9e0 100644
|
|
--- a/profiles/apparmor.d/abstractions/kerberosclient
|
|
+++ b/profiles/apparmor.d/abstractions/kerberosclient
|
|
@@ -22,6 +22,8 @@
|
|
|
|
/etc/krb5.keytab rk,
|
|
/etc/krb5.conf r,
|
|
+ /etc/krb5.conf.d/ r,
|
|
+ /etc/krb5.conf.d/* r,
|
|
|
|
# config files found via strings on libs
|
|
/etc/krb.conf r,
|
|
--
|
|
2.23.0
|
|
|